Inkohärentes Geschreibsel eines Late Adopters
Geschrieben um 23:27
Geschrieben um 23:48
This one doesn’t have my name on the cover, only on the inside, as I was the technical reviewer for this book. The CentOS Bible can be used as a reference book for many things regarding CentOS, while the Definitive Guide to CentOS is more of a solution oriented book. Both are worth having, IMHO, for personal reasons (hey, I wrote some of it) I prefer the Definitive Guide, though.
Geschrieben um 13:37
Geschrieben um 13:43
But first things first: An open letter to Lance Davis, one of the CentOS Project founders, has been published on the CentOS web site and on the main CentOS mailing list, so you might want to read that before reading further here.
Back? Good. I’ve been following the CentOS project since some time in 2004 and have been an active member of the CentOS team since 2006. Lance has been around for longer, being a founder and all. First time I met Lance was in 2007 at Fosdem in Brussels and then again at LinuxTag in Berlin. Everything seemed fine there. But from then on things seemed to deteriorate.
Lance vanished from the project some time in 2008. Everybody needs time off from projects from time to time, so there was no real need to worry about that. What there was to worry about is the following: Lance is the only one, who can make active changes to the centos.org domain, as he “owns it”. Nobody else in the team is able to add nameservers, for instance. Recently he put an anonymizing service on the domain, so that nobody from the outside can see who that domain belongs to.
The third thing - and that is the one which hurts me the most - is that Lance is the one who has access to the Google AdSense and the Paypal accounts, again without a backup. We have asked for overviews of the accounts several times now and haven’t gotten back any answers. This money was donated towards the project and could have been used for professionally made media for fairs and conventions, professionally made advertisement material for the same, hardware, community support (give out media to people who want to show off CentOS) and so on. To make it clear: Nobody in the CentOS team wants to make money off the project, we all have jobs and do CentOS in our free time.
This means that the project depends on one person in too many ways. Add to that a person who doesn’t answer calls, isn’t available as meetings, doesn’t publish things he promised to do - we have a problem. And this is unacceptable. We as a project have to be more transparent. And this is one of the things blocking this.
As Lance hasn’t answered requests regarding that over the last few months, the remaining team now has put a stop on that. For the moment all ads have been removed from website and wiki and we are not accepting any paypal donations anymore.
We still want Lance to be able to answer all of that in a good fashion, so that everything can be corrected. So the step might seem a bit drastic at the moment (but this has been lingering for quite some time now). It might also seem like our reaction has come too late. It might also mean that we will lose the centos.org domain. And all the money people have donated towards the project and not to one person. I would like to offer my apologies for that.
But either way, we will continue and get the project back on track. With your help, I hope, as I still think that CentOS is one heck of a cool project to work on.
Other people’s thoughts about this issue: Tim Verhoeven’s Blog, Karanbir Singh’s Blog and Russ Herrold’s Blog. There will also be much discussion in the mailing lists, I guess. Please partake if you want to add your opinion.
Here is the letter:
July 30, 2009 04:39 UTC
This is an Open Letter to Lance Davis from fellow CentOS Developers
It is regrettable that we are forced to send this letter but we are left with no other options. For some time now we have been attempting to resolve these problems:
You seem to have crawled into a hole … and this is not acceptable.
You have long promised a statement of CentOS project funds; to this date this has not appeared.
You hold sole control of the centos.org domain with no deputy; this is not proper.
You have, it seems, sole ‘Founders’ rights in the IRC channels with no deputy ; this is not proper.
When I (Russ) try to call the phone numbers for UK Linux, and for you individually, I get a telco intercept ‘Lines are temporarily busy’ for the last two weeks. Finally yesterday, a voicemail in your voice picked up, and I left a message urgently requesting a reply. Karanbir also reports calling and leaving messages without your reply.
Please do not kill CentOS through your fear of shared management of the project.
Clearly the project dies if all the developers walk away.
Please contact me, or any other signer of this letter at once, to arrange for the required information to keep the project alive at the ‘centos.org’ domain.
Geschrieben um 13:00
As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn’t been used as a source for sending spam (in the widest possible meaning) either.
We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system. Although we are fairly sure that there has been no such compromise, we have enforced a password expiry on all accounts on the system. wiki.centos.org and bugs.centos.org - though being on the same machine - have not been affected by this.
All users having an account on www.centos.org need to acquire a new password through the “lost password” system of Xoops.
We are terribly sorry for any inconvenience this might cause you and would like to apologize for that.
Geschrieben um 03:22
Looks like someone at Red Hat had the same feeling and funded Murray McAlliser to write The Security-Enhanced Linux User Guide. After skimming over it it looks like it builds up on the SELinux policy which is in Fedora 9 and 10, which is a good step forward from the policy set in CentOS 5 (and let us not talk about CentOS 4). So not everything mentioned in that guide can be used directly on CentOS 5, but the basics are explained somewhat better than in the Deployment Guide.
So if you want to or have to work with SELinux for the first time this guide definitely is worth a read.
I just stumbled over this on Dan Walsh’s SELinux blog and thought I’d share it. This also has a plethora of SELinux knowledge in it.
Geschrieben um 08:58
See you all there on Saturday, 23rd of August or Sunday, the 24th of August.
Geschrieben um 23:46
Major changes in CentOS 5.2 compared to CentOS 5.1 are: Firefox 3, Thunderbird 2, OpenOffice.org 2.3 and Evolution 2.12 on the Desktop side, Samba 3.0.28, xen-3.2 and an upgraded kernel with lots of driver updates on the server side of the system.
Geschrieben um 16:25
Geschrieben um 00:35